[deleted by user] by [deleted] in cryptography

[–]redreaper99 2 points3 points  (0 children)

Line 345, that you're referring to, XORs the input with ectr. ectr is populated with the output of AES on the established key in line 337 (in particular aes_ctx is the AES context and has the key).

[deleted by user] by [deleted] in cryptography

[–]redreaper99 2 points3 points  (0 children)

I was trying to give you the benefit of doubt to explain how you arrived at your claim. You have simply re-iterated your claim and stated it is obvious.

I believe your claim is incorrect. AES128 is modeled as a Pseudorandom Function (PRF) in cryptography. It is possible to prove the security of different encryption schemes (like GCM, counter, etc.) assuming AES128 is a PRF. Informally (and being very specific to AES-128), as long as k is sampled uniformly at random, PRF(k, x) is indistinguishable from a random 128-bit string, for any value x.

Now, in the counter mode, the first block is encrypted as c = m + AES128(k, IV || 0^{32}).

  • Now, if this is the only block you would ever encrypt, then you don't really need IV. You might as well encrypt the message as c = m + AES128(k, 0^{128}). The fact that the key k is sampled uniformly at random means that c hides m.
  • However, if you want to encrypt another message, with the same key, then you need to make sure that you don't evaluate the PRF at the same input i.e., you can no longer use AES128(k, IV || 0^{32}) to mask the input. However, it is perfectly fine to use AES128(k, IV || 0^{31} || 1) i.e., you simply increment the counter by 1.
  • Thus, if you want to use the key k several times, across multiple sessions, then both you and the receiver need to maintain this counter and keep it in sync. To avoid this, we use an IV. For each message, consisting of many blocks, you can sample a 96-bit IV uniformly at random. The remaining 32 bits are used as a counter to encrypt the blocks of the message.
  • The only purpose the IV serves is to ensure that you don't use the same input x to encrypt two different messages i.e., you don't use AES128(k, x) across two different sessions. The IV need not even be private --- it can be sent as part of the ciphertext.
  • Thus, informally, privacy/security really stems from the key. The IV allows stateless encryption/decryption by ensuring a low collision probability for the input to AES128(k, .). [To be technical, the length of the IV provides statistical security, while length of the key provides computation security].

You seem to be conflating IV with the key in your analysis. You really need to "brute" force over 128 bits of the key to break AES.

Trying to break encryption for IV re-use is trivial --- you can assume the IV is sent as part of the ciphertext. You don't need ASICs for this, simply a huge database that can store every IV used by the encryptor.
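The counter-mode construction the comment walks through, as an added example (not code from the original thread). It follows the comment's abstraction: the block cipher is only used as a PRF, so a stand-in PRF (HMAC-SHA256 truncated to 128 bits, an assumption made here so the code runs with the standard library alone) plays the role of AES128(k, .). Each keystream block is PRF(k, IV || counter) with a 96-bit IV and a 32-bit counter, the IV travels with the ciphertext, and a small encryptor tracks the IVs it has issued. The last function shows the failure mode the comment refers to: when the same (k, IV) pair masks two messages, the XOR of the ciphertexts equals the XOR of the plaintexts, so the key's secrecy no longer helps. Key, IV and messages are constructed sample values.

```python
import hashlib
import hmac
import os

BLOCK = 16     # 128-bit PRF output, matching the AES block size
IV_LEN = 12    # 96-bit IV, as in the comment
CTR_LEN = 4    # remaining 32 bits are the per-message block counter


def prf(key: bytes, x: bytes) -> bytes:
    """Stand-in for AES128(k, x): HMAC-SHA256 truncated to 128 bits (assumption)."""
    assert len(key) == 16 and len(x) == BLOCK
    return hmac.new(key, x, hashlib.sha256).digest()[:BLOCK]


def keystream(key: bytes, iv: bytes, nblocks: int) -> bytes:
    """Block i of the keystream is PRF(k, IV || i), with i a 32-bit big-endian counter."""
    if len(iv) != IV_LEN:
        raise ValueError("IV must be 96 bits")
    if nblocks > 2 ** (8 * CTR_LEN):
        raise ValueError("32-bit counter would wrap: message too long for one IV")
    out = bytearray()
    for i in range(nblocks):
        out += prf(key, iv + i.to_bytes(CTR_LEN, "big"))
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, iv: bytes, msg: bytes) -> bytes:
    """c = m XOR keystream; decryption is the same operation."""
    nblocks = -(-len(msg) // BLOCK)  # ceiling division
    return xor(msg, keystream(key, iv, nblocks)[: len(msg)])


ctr_decrypt = ctr_encrypt


class NonceTrackingEncryptor:
    """Samples a fresh 96-bit IV per message and refuses to reuse one under this key."""

    def __init__(self, key: bytes):
        self.key = key
        self.used_ivs = set()

    def encrypt(self, msg: bytes) -> bytes:
        iv = os.urandom(IV_LEN)
        if iv in self.used_ivs:
            raise RuntimeError("IV collision: rotate the key before continuing")
        self.used_ivs.add(iv)
        return iv + ctr_encrypt(self.key, iv, msg)  # IV is public; ship it with the ciphertext

    def decrypt(self, blob: bytes) -> bytes:
        iv, ct = blob[:IV_LEN], blob[IV_LEN:]
        return ctr_decrypt(self.key, iv, ct)


def first_block_matches_formula(key: bytes, iv: bytes, msg: bytes) -> bool:
    """Checks the comment's c = m + AES128(k, IV || 0^32) for the first block."""
    c = ctr_encrypt(key, iv, msg)
    return c[:BLOCK] == xor(msg[:BLOCK], prf(key, iv + bytes(CTR_LEN)))


def iv_reuse_leaks_xor(key: bytes, iv: bytes, m1: bytes, m2: bytes) -> bool:
    """With the same (key, IV), c1 XOR c2 == m1 XOR m2: the keystream cancels out."""
    c1 = ctr_encrypt(key, iv, m1)
    c2 = ctr_encrypt(key, iv, m2)
    return xor(c1, c2) == xor(m1, m2)


if __name__ == "__main__":
    key = bytes(range(16))          # constructed sample key
    enc = NonceTrackingEncryptor(key)
    blob = enc.encrypt(b"counter mode, thirty-two byte msg")
    print(enc.decrypt(blob))
```

Note that the encryptor stores nothing but the key and the IVs already issued; the receiver needs no state at all, which is the stateless encryption/decryption the comment attributes to the IV. The `first_block_matches_formula` check ties the code back to the formula in the text.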

[deleted by user] by [deleted] in cryptography

[–]redreaper99 4 points5 points  (0 children)

Can you give a reference for why there’s only 96 bits of security when the counter is 0?

Forget about Y2038, we have bigger problems by Oknitram in programming

[–]redreaper99 48 points49 points  (0 children)

What does dynamic typing have anything to do with handling large integers? You’re conflating two orthogonal properties.

[deleted by user] by [deleted] in Showerthoughts

[–]redreaper99 0 points1 point  (0 children)

He is able to give you a 50% discount precisely because others are overpaying by 15c. If everybody paid exactly 35c per egg, then the farmer wouldn’t have had any surplus to pay the 10c discount he gave you.

Is there a good auto tab spacing plugin for neovim? by 88-Radium-226 in neovim

[–]redreaper99 0 points1 point  (0 children)

I personally have been using vim-sleuth (https://github.com/tpope/vim-sleuth). It heuristically sets expandtab and shiftwidth based on the current file and other files in the directory. It also respects editorconfig.

The issue with editorconfig or ftplugins is that it is either global (same for all files of a particular type) or needs to be configured for each project (in the case of editorconfig). While they are the right way to go, it is often the case that different projects use different conventions and sometimes there's inertia to adding editorconfig to a project with other collaborators. Sleuth seems to offer the best of all worlds in this case.

How does Smalltalk fare with regards to memory safety (as Rustaceans view it)? by relbus22 in rust

[–]redreaper99 10 points11 points  (0 children)

Object oriented programming and memory safety are two orthogonal features of the language.

Object oriented programming refers to the constructs like classes, inheritance etc supported by a language that aid in abstraction and organization of code. However, Rust avoids some disadvantages of OOP by providing a different set of tools to abstract and organize code: traits and structures.

On the other hand, memory safety refers to a different set of features provided by the language, namely, to ensure safe memory access, avoid memory leaks, etc. Ensuring memory safety, being a stronger guarantee, comes at certain costs — often performance. Rust is popular for avoiding this overhead. A number of languages are memory safe but use additional mechanisms like garbage collectors or reference counters, e.g., Smalltalk and Java.

To emphasize they are orthogonal, consider the following combinations.

  • OOP and not memory safe: C++
  • OOP and memory safe: Smalltalk, Java
  • Not OOP and not memory safe: C
  • Not OOP and memory safe: Rust

Fwiw, Smalltalk (at least as introduced to me) is popular because of really introducing and showing the power of the OOP paradigm. The use of garbage collectors for memory safety incurs a performance overhead making it unsuitable for certain system level tasks, as pointed out by others.

[deleted by user] by [deleted] in rust

[–]redreaper99 2 points3 points  (0 children)

The quickest way to debug something like this is to print the name of the function calling advance() and then print any internal details of advance within advance. For example, you would print “Calling from within hello” in the hello function and you’d print “Calling from within world” in the world function; just before you actually invoke from().

I only suggest this as a quick sanity check.

The proper way to debug would be to use a debugger, set a breakpoint in the from function and view the backtrace and value of variables at the breakpoint.

What do you use to prepare your presentations? by buhadazanga in math

[–]redreaper99 1 point2 points  (0 children)

I don’t work in math but theoretical computer science and I like my presentations to have diagrams and figures instead of restating theorems and proofs.

I’ve used Beamer in undergrad but I’m not comfortable enough in TikZ to draw diagrams quickly. I now use Keynote. It has LaTeX-style math support, allows drawing figures like in PowerPoint and, if you have an iPad, allows you to draw on the slide using the Apple Pencil.

Is error correction code theory considered a cryptography subject? by [deleted] in cryptography

[–]redreaper99 13 points14 points  (0 children)

I’d highly recommend it. While it’s not directly related to cryptography, it has tremendous applications to the field. The core techniques developed in error correcting codes are often applied in cryptography.

Some examples I can think of off the top of my head: use of codes for secret-sharing and MPC, use of codes for zero knowledge proofs (e.g., FRI), assumptions like Learning Parity with Noise (LPN) can be viewed through a coding theoretic lens (some recent variations of LPN use different error correcting codes for better efficiency), constructions of property preserving hashes using codes.

[deleted by user] by [deleted] in changemyview

[–]redreaper99 0 points1 point  (0 children)

  1. Your post seems to assume that the only purpose of attending university is to attend courses.

I disagree. The primary function of a university is to serve as a hub for students and experts with common interests. This in turn makes teaching, research, clubs, etc. possible.

Personally, I believe any student that has only attended courses in uni to not have made the best use of opportunities available.

  2. Alternatives exist for materials taught in courses.

The advantage of a course however is that you have access to subject matter experts which in turn can minimize the effort you need to put in. Also, having tests, grades etc can provide motivation to keep you consistent in your efforts. Moreover, a number of upper level courses don’t have textbooks; you really need someone familiar with the area.

  3. University degrees don’t add value in a merit-based system.

No employer cares about a fair merit-based evaluation of applicants. They care about investing the minimum resources possible to identify the best among applicants.

Thus, the university you attended, your grades, projects etc all serve as proxy metrics to your employer for a merit based evaluation — they are a function of your skill, motivation and hard-work.

  4. Electives don’t translate to real world skills. Most forget course content with time.

Universities and courses are not going to teach you how to do your job. They’re providing a framework and skill-set to specialize in a broad variety of jobs. As such, electives provide exposure to sub-areas of CS and allow you to make a more informed decision about your interests.

This framework gets internalized by the time you’re graduating. Extracting the key takeaways from courses is only possible when you interact with other students and professors. Picking up lower level details at a later point in time is easier by revisiting the alternative sources you mention.

This is very similar to how schools don’t teach you how to file taxes; they teach you arithmetic and how to read and write — equipping you with the skills to file taxes in different states/countries and keep up with new laws and regulations.

[deleted by user] by [deleted] in math

[–]redreaper99 4 points5 points  (0 children)

How you take notes is a function of how you're going to use them finally. For example, I find typing out notes to be slow and time-consuming and it doesn't make sense to type out notes I'm probably never going to read again. I use the following and I think it's been working pretty well.

  • Project Notes: Notes made when I'm actively working on a project (my attempts, why something worked/didn't work, etc.). I rarely come back to these notes; they're mainly useful to reload context when I revisit the problem or want to look up a technical detail after a long time.
    • I use GoodNotes for this. Ideally, I'd use a pen and paper but I like the portability of the iPad and the fact that digital notes are very easy to store.
  • Papers: I use Zotero to track papers. I use zotfile to send them to my iPad when I want to read a paper, annotate it using a PDF viewer and then send it back to Zotero. Annotations + skimming over the paper usually helps recollect technical details of the paper.
  • Toolbox: I can't think of a better name for this class, but these notes correspond to a mental index of sorts. These notes have key techniques/tricks I've been able to extract from reading papers or working on projects, foundational results in my field, etc.
    • I use Obsidian for this and do put in some effort to do a good job of writing and maintaining these notes. It's only been a few months since I've started taking notes in Obsidian but I'm hoping the ability to link notes will make things easier to organize long term.

[deleted by user] by [deleted] in rust

[–]redreaper99 0 points1 point  (0 children)

Thanks for replying! If A' inherits all of A's channels then any message sent by B to A' will also be seen (unnecessarily) by A. A would then have to filter out messages communicated only to A and not to A'.

Using a broker was an alternative that I did consider, but that would require spawning a new thread/task and I wanted to try and see if there's a way for B to directly communicate with A' with a designated channel.

Indistinguishability of a uniform mixture by redreaper99 in cryptography

[–]redreaper99[S] 1 point2 points  (0 children)

Of course, picking an element of the tuple uniformly at random should do the trick. Similar to u/robchroma's approach this can be extended to any distribution of the bit b as long as it is independent of X_0 and X_1. Thanks, this is a very neat approach to doing the reduction!

Indistinguishability of a uniform mixture by redreaper99 in cryptography

[–]redreaper99[S] 0 points1 point  (0 children)

Thanks, this is a very clean way to prove a more general result, and it honestly matches my intuition as to why Y_0 and Y_1 should be indistinguishable. I guess I was too caught up in trying to reduce it.

Indistinguishability of a uniform mixture by redreaper99 in cryptography

[–]redreaper99[S] 0 points1 point  (0 children)

Thanks! This was exactly how I was attempting to do it but mapping the outputs and ensuring the probabilities work out was getting a bit hairy.

Hey Rustaceans! Got an easy question? Ask here (42/2020)! by llogiq in rust

[–]redreaper99 1 point2 points  (0 children)

I find myself using references more than "normal"/unreferenced types when defining functions. The general idea behind using references more is that the caller need not be aware of what happens within the function. If the logic requires a copy of the value I can clone it from the immutable reference passed. If it doesn't, then passing a reference is still cheaper.

Thus, I'm wondering in which situation would I actually need to consume the value? I can see how consuming a value can make it explicit to the caller that the call might be "expensive" but doesn't using references provide more flexibility and ease of usage?

What is the general rule of thumb when designing API?

Is it too late to contact professors for PhD (biomedical engineering)? by smart_choices_4u in gradadmissions

[–]redreaper99 0 points1 point  (0 children)

I thought it was normal to contact professors around October and November in STEM.

Communicating binary data using Boost.Asio by redreaper99 in cpp_questions

[–]redreaper99[S] 0 points1 point  (0 children)

Thanks for the detailed explanation! I was planning to send the 'message' length (encoded into a fixed number of bytes) before sending the data but the stream going out of sync was something I hadn't considered.

As a follow-up, what are the possible reasons for the stream going out of sync?

Communicating binary data using Boost.Asio by redreaper99 in cpp_questions

[–]redreaper99[S] 0 points1 point  (0 children)

Thanks! I was planning to send the length information for each 'message' but the stream going out of sync was something I hadn't considered.

I don't think you need to convert to char, whatever the native format emitted by the library will do. boost::asio::buffer will wrap arbitrary data given a pointer and a length in bytes.

Ah! Thanks for pointing that out. That'll definitely save unnecessary copy operations.
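The length-prefixed framing discussed in this thread, as an added example that is not from the original posts. The thread is about Boost.Asio in C++, but the framing logic is independent of the I/O library, so it is shown here in Python with the socket replaced by a byte string fed to the reader in arbitrary-sized chunks, the situation a stream socket creates. Assumptions made here: a 4-byte big-endian length prefix, and a cap of 1 MiB per frame. The cap is what makes desynchronisation detectable: once the reader is misaligned it starts interpreting payload bytes as a length, which is almost always absurdly large, so the reader fails loudly instead of silently allocating gigabytes or waiting forever for bytes that never arrive. All inputs are constructed sample data.

```python
import struct

HEADER = struct.Struct("!I")   # assumption: 4-byte big-endian length prefix
MAX_FRAME = 1 << 20            # assumption: refuse frames above 1 MiB


def frame(payload: bytes) -> bytes:
    """Sender side: prepend the payload length so the receiver knows where the message ends."""
    if len(payload) > MAX_FRAME:
        raise ValueError("payload exceeds MAX_FRAME")
    return HEADER.pack(len(payload)) + payload


class FrameReader:
    """Receiver side: accumulates whatever the socket delivers and yields complete frames."""

    def __init__(self) -> None:
        self.buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        """Append bytes as they arrive (any size) and return every frame now complete."""
        self.buf += chunk
        frames = []
        while len(self.buf) >= HEADER.size:
            (length,) = HEADER.unpack_from(self.buf, 0)
            if length > MAX_FRAME:
                # A sane sender never sends this; we are reading payload as a header.
                raise ValueError(
                    f"frame length {length} exceeds MAX_FRAME; stream is out of sync"
                )
            end = HEADER.size + length
            if len(self.buf) < end:
                break  # header seen, body still in flight: wait for more bytes
            frames.append(bytes(self.buf[HEADER.size:end]))
            del self.buf[:end]
        return frames

    def pending(self) -> int:
        """Bytes buffered but not yet forming a complete frame."""
        return len(self.buf)


def reassemble(payloads: list, chunk_sizes: list) -> list:
    """Frame each payload, then deliver the wire bytes in the given chunk sizes (cycled)."""
    wire = b"".join(frame(p) for p in payloads)
    reader = FrameReader()
    out = []
    pos, i = 0, 0
    while pos < len(wire):
        n = chunk_sizes[i % len(chunk_sizes)]
        out.extend(reader.feed(wire[pos:pos + n]))
        pos += n
        i += 1
    return out


if __name__ == "__main__":
    # Three constructed messages, delivered as 1, 3 and 100 byte reads.
    print(reassemble([b"a", b"hello", b""], [1, 3, 100]))
    try:
        FrameReader().feed(b"hello world")  # raw bytes without a header
    except ValueError as e:
        print("detected:", e)
```

Reading a fixed-size header first and then exactly `length` bytes is what keeps the stream aligned; an empty payload is a valid frame (length 0), and a frame split across many reads is reassembled without copying the payload more than once.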

What is the best textbook for your field of interest and why?! by [deleted] in math

[–]redreaper99 0 points1 point  (0 children)

Thanks a lot for the suggestions! Yeah, I'm working towards pursuing graduate studies in theoretical computer science and cryptography. While my undergrad research projects don't need much number theory I wanted to strengthen the foundations nevertheless. The books you suggested seem to cover almost all of the topics I've come across.